Multiple input-validation vulnerabilities in PortalApp

vendor:

PortalApp

by:

Unknown

7.5

CVSS

HIGH

Input Validation

Unknown

CWE

Product Name: PortalApp

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Multiple input-validation vulnerabilities in PortalApp

The application fails to properly sanitize user-supplied input, leading to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting vulnerabilities affect the 'content.asp' script, while the SQL injection vulnerability affects the 'ad_click.asp' script.

Mitigation:

Implement proper input validation and sanitization techniques to prevent cross-site scripting and SQL injection attacks. Update the application to include these fixes.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12936/info

Multiple input-validation vulnerabilities reportedly affect PortalApp. These issues occur due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.

The first set of issues includes cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise because the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.

The second issue is an SQL-injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.

An attacker may leverage these issues to carry out cross-site scripting and SQL-injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.

http://www.example.com/ad_click.asp?banner_id='SQL_INJECTION